From f2ef5f878df7c9536736684251fe86f456fc7590 Mon Sep 17 00:00:00 2001
From: Shauren <shauren.trinity@gmail.com>
Date: Sun, 28 Jul 2019 00:07:19 +0200
Subject: Core/PacketIO: Added missing packet array size checks

---
 src/server/game/Guilds/Guild.cpp                       | 10 +++++++---
 src/server/game/Guilds/Guild.h                         |  6 +++---
 src/server/game/Handlers/GuildHandler.cpp              |  3 ++-
 src/server/game/Server/Packets/ClientConfigPackets.cpp |  3 +++
 src/server/game/Server/Packets/GuildPackets.cpp        | 11 +++--------
 src/server/game/Server/Packets/GuildPackets.h          |  2 +-
 src/server/game/Server/Packets/LootPackets.h           |  2 +-
 7 files changed, 20 insertions(+), 17 deletions(-)

(limited to 'src/server')

diff --git a/src/server/game/Guilds/Guild.cpp b/src/server/game/Guilds/Guild.cpp
index 6a25fb9bbe7..18419eae7ea 100644
--- a/src/server/game/Guilds/Guild.cpp
+++ b/src/server/game/Guilds/Guild.cpp
@@ -1418,7 +1418,7 @@ void Guild::SendGuildRankInfo(WorldSession* session) const
     TC_LOG_DEBUG("guild", "SMSG_GUILD_RANK [%s]", session->GetPlayerInfo().c_str());
 }
 
-void Guild::HandleSetAchievementTracking(WorldSession* session, std::set<uint32> const& achievementIds)
+void Guild::HandleSetAchievementTracking(WorldSession* session, uint32 const* achievementIdsBegin, uint32 const* achievementIdsEnd)
 {
     Player* player = session->GetPlayer();
 
@@ -1426,10 +1426,14 @@ void Guild::HandleSetAchievementTracking(WorldSession* session, std::set<uint32>
     {
         std::set<uint32> criteriaIds;
 
-        for (uint32 achievementId : achievementIds)
+        for (uint32 const* achievementIdItr = achievementIdsBegin; achievementIdItr != achievementIdsEnd; ++achievementIdItr)
         {
+            uint32 achievementId = *achievementIdItr;
             if (AchievementEntry const* achievement = sAchievementStore.LookupEntry(achievementId))
             {
+                if (!(achievement->Flags & ACHIEVEMENT_FLAG_GUILD) || m_achievementMgr.HasAchieved(achievementId))
+                    continue;
+
                 if (CriteriaTree const* tree = sCriteriaMgr->GetCriteriaTree(achievement->CriteriaTree))
                 {
                     CriteriaMgr::WalkCriteriaTree(tree, [&criteriaIds](CriteriaTree const* node)
@@ -1441,7 +1445,7 @@ void Guild::HandleSetAchievementTracking(WorldSession* session, std::set<uint32>
             }
         }
 
-        member->SetTrackedCriteriaIds(criteriaIds);
+        member->SetTrackedCriteriaIds(std::move(criteriaIds));
         m_achievementMgr.SendAllTrackedCriterias(player, member->GetTrackedCriteriaIds());
     }
 }
diff --git a/src/server/game/Guilds/Guild.h b/src/server/game/Guilds/Guild.h
index 6a3e216a87f..c13bdc728c5 100644
--- a/src/server/game/Guilds/Guild.h
+++ b/src/server/game/Guilds/Guild.h
@@ -368,8 +368,8 @@ class TC_GAME_API Guild
                 uint32 GetTotalReputation() const { return m_totalReputation; }
                 uint32 GetWeekReputation() const { return m_weekReputation; }
 
-                std::set<uint32> GetTrackedCriteriaIds() const { return m_trackedCriteriaIds; }
-                void SetTrackedCriteriaIds(std::set<uint32> criteriaIds) { m_trackedCriteriaIds.swap(criteriaIds); }
+                std::set<uint32> const& GetTrackedCriteriaIds() const { return m_trackedCriteriaIds; }
+                void SetTrackedCriteriaIds(std::set<uint32> criteriaIds) { m_trackedCriteriaIds = std::move(criteriaIds); }
                 bool IsTrackingCriteriaId(uint32 criteriaId) const { return m_trackedCriteriaIds.find(criteriaId) != m_trackedCriteriaIds.end();  }
 
                 bool IsOnline() const { return (m_flags & GUILDMEMBER_STATUS_ONLINE); }
@@ -755,7 +755,7 @@ class TC_GAME_API Guild
         // Handle client commands
         void HandleRoster(WorldSession* session);
         void SendQueryResponse(WorldSession* session, ObjectGuid const& playerGuid);
-        void HandleSetAchievementTracking(WorldSession* session, std::set<uint32> const& achievementIds);
+        void HandleSetAchievementTracking(WorldSession* session, uint32 const* achievementIdsBegin, uint32 const* achievementIdsEnd);
         void HandleGetAchievementMembers(WorldSession* session, uint32 achievementId) const;
         void HandleSetMOTD(WorldSession* session, std::string const& motd);
         void HandleSetInfo(WorldSession* session, std::string const& info);
diff --git a/src/server/game/Handlers/GuildHandler.cpp b/src/server/game/Handlers/GuildHandler.cpp
index 929d98da7e6..02a19b6e25b 100644
--- a/src/server/game/Handlers/GuildHandler.cpp
+++ b/src/server/game/Handlers/GuildHandler.cpp
@@ -436,8 +436,9 @@ void WorldSession::HandleGuildSetGuildMaster(WorldPackets::Guild::GuildSetGuildM
 void WorldSession::HandleGuildSetAchievementTracking(WorldPackets::Guild::GuildSetAchievementTracking& packet)
 {
     if (Guild* guild = GetPlayer()->GetGuild())
-        guild->HandleSetAchievementTracking(this, packet.AchievementIDs);
+        guild->HandleSetAchievementTracking(this, packet.AchievementIDs.data(), packet.AchievementIDs.data() + packet.AchievementIDs.size());
 }
+
 void WorldSession::HandleGuildGetAchievementMembers(WorldPackets::Achievement::GuildGetAchievementMembers& getAchievementMembers)
 {
     if (Guild* guild = GetPlayer()->GetGuild())
diff --git a/src/server/game/Server/Packets/ClientConfigPackets.cpp b/src/server/game/Server/Packets/ClientConfigPackets.cpp
index a18d8c2627c..2cc1efa8d0c 100644
--- a/src/server/game/Server/Packets/ClientConfigPackets.cpp
+++ b/src/server/game/Server/Packets/ClientConfigPackets.cpp
@@ -59,6 +59,9 @@ void WorldPackets::ClientConfig::UserClientUpdateAccountData::Read()
     DataType = _worldPacket.ReadBits(3);
 
     uint32 compressedSize = _worldPacket.read<uint32>();
+    if (compressedSize > _worldPacket.size() - _worldPacket.rpos())
+        throw ByteBufferPositionException(_worldPacket.rpos(), _worldPacket.size(), compressedSize);
+
     if (compressedSize)
     {
         CompressedData.resize(compressedSize);
diff --git a/src/server/game/Server/Packets/GuildPackets.cpp b/src/server/game/Server/Packets/GuildPackets.cpp
index 1e074cb3025..20fb6f40ae0 100644
--- a/src/server/game/Server/Packets/GuildPackets.cpp
+++ b/src/server/game/Server/Packets/GuildPackets.cpp
@@ -807,15 +807,10 @@ WorldPacket const* WorldPackets::Guild::PlayerSaveGuildEmblem::Write()
 
 void WorldPackets::Guild::GuildSetAchievementTracking::Read()
 {
-    uint32 count;
-    _worldPacket >> count;
+    AchievementIDs.resize(_worldPacket.read<uint32>());
 
-    for (uint32 i = 0; i < count; ++i)
-    {
-        uint32 value;
-        _worldPacket >> value;
-        AchievementIDs.insert(value);
-    }
+    for (uint32& achievementID : AchievementIDs)
+        _worldPacket >> achievementID;
 }
 
 WorldPacket const* WorldPackets::Guild::GuildNameChanged::Write()
diff --git a/src/server/game/Server/Packets/GuildPackets.h b/src/server/game/Server/Packets/GuildPackets.h
index b72d4857d48..9a3b70df911 100644
--- a/src/server/game/Server/Packets/GuildPackets.h
+++ b/src/server/game/Server/Packets/GuildPackets.h
@@ -1018,7 +1018,7 @@ namespace WorldPackets
 
             void Read() override;
 
-            std::set<uint32> AchievementIDs;
+            Array<uint32, 10> AchievementIDs;
         };
 
         class GuildNameChanged final : ServerPacket
diff --git a/src/server/game/Server/Packets/LootPackets.h b/src/server/game/Server/Packets/LootPackets.h
index adacd5c0fb7..115851711a9 100644
--- a/src/server/game/Server/Packets/LootPackets.h
+++ b/src/server/game/Server/Packets/LootPackets.h
@@ -89,7 +89,7 @@ namespace WorldPackets
 
             void Read() override;
 
-            std::vector<LootRequest> Loot;
+            Array<LootRequest, 1000> Loot;
         };
 
         class LootRemoved final : public ServerPacket
-- 
cgit v1.2.3